Detection and coordinated response to a phishing campaign impersonating LastPass communications

Posted date 10/02/2026

In January 2026, a new phishing campaign was detected that used the name and branding of LastPass, one of the world's best-known password managers. The first alerts arose when fraudulent emails sent to users of the service were identified. The company itself publicly confirmed the campaign, warning that it was a coordinated attempt at identity theft. The news spread quickly because of the sensitivity of the affected service and the potential impact on the security of user credentials.

This phishing campaign focuses on impersonating backup or maintenance alerts from LastPass password vaults. Attackers send emails mimicking the design and language of official company communications, creating a sense of urgency by indicating that a backup must be performed within a very short time frame. When victims click on the links included in the emails, they are redirected to malicious websites designed to capture their master password. In response, LastPass issued an official statement clarifying that it never requests master passwords via email and that it was already working with third parties to stop the campaign.
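The lure described above has a recognisable shape: a sender that names the brand but mails from another domain, a deadline-driven "back up your vault" pretext, links that leave the vendor's own domain, and a request for the master password that the vendor says it never makes by email. The following triage script is an added example, not code from the article or from LastPass; it scores a raw email on those four traits. The sample messages, the `.example` domains and the assumption that the vendor's only legitimate sending domain is `lastpass.com` are all constructed for the demonstration.

```python
"""Heuristic triage for emails that claim to come from a password-manager vendor.

Added example (not from the original article): scores a raw RFC 822 message on
brand impersonation in the sender or subject, a deadline-driven vault backup
lure, links leading off the vendor's domain, and a master-password request.
Domains and message texts below are constructed for the demonstration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "lastpass"
# Assumption: the vendor sends only from this domain (and its subdomains).
LEGITIMATE_DOMAINS = {"lastpass.com"}

URGENCY_RE = re.compile(
    r"\b(within \d+\s*(hours?|minutes?)|immediately|urgent|expires?|suspended|final notice)\b",
    re.IGNORECASE,
)
BACKUP_LURE_RE = re.compile(r"\b(back\s?up|maintenance)\b", re.IGNORECASE)
VAULT_RE = re.compile(r"\bvault\b", re.IGNORECASE)
MASTER_PASSWORD_RE = re.compile(r"\bmaster\s+password\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_is_legitimate(host: str) -> bool:
    """True if host is one of the vendor's domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def message_body(msg) -> str:
    """Concatenate the text parts of a (possibly multipart) message."""
    texts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                texts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(texts)


def triage(raw_message: str) -> dict:
    """Return the impersonation indicators found in one raw email."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    subject = msg.get("Subject", "")
    body = message_body(msg)

    claims_brand = BRAND in (display_name + " " + subject).lower()
    links = URL_RE.findall(body)
    foreign_links = [u for u in links if not host_is_legitimate(urlparse(u).hostname or "")]

    indicators = []
    # Brand in the display name or subject, but mail sent from another domain.
    if claims_brand and not host_is_legitimate(sender_domain):
        indicators.append("brand_sender_mismatch")
    # Deadline pressure combined with a vault backup / maintenance pretext.
    if URGENCY_RE.search(body) and BACKUP_LURE_RE.search(body) and VAULT_RE.search(body):
        indicators.append("urgent_backup_lure")
    # Links that leave the vendor's domain.
    if foreign_links:
        indicators.append("offsite_link")
    # The vendor states it never asks for the master password by email.
    if MASTER_PASSWORD_RE.search(body):
        indicators.append("master_password_request")

    return {
        "sender_domain": sender_domain,
        "foreign_links": foreign_links,
        "indicators": indicators,
        "verdict": "suspicious" if len(indicators) >= 2 else "ok",
    }


# Constructed sample messages (not real campaign artefacts).
PHISHING_SAMPLE = """\
From: "LastPass Support" <alerts@lastpass-backup.example>
To: user@example.org
Subject: Action required: back up your LastPass vault
Content-Type: text/plain; charset=utf-8

Your vault backup must be completed within 24 hours or access will be suspended.
Confirm your master password here: https://vault-backup.example/restore
"""

BENIGN_SAMPLE = """\
From: "LastPass" <no-reply@lastpass.com>
To: user@example.org
Subject: Your monthly security report
Content-Type: text/plain; charset=utf-8

Your security dashboard is available at https://www.lastpass.com/ .
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

The `verdict` threshold of two indicators is a starting point for a mail-gateway or SOC triage rule, not a final classifier: a single hit such as an off-site link is common in legitimate marketing mail, whereas brand impersonation in the sender combined with a master-password request is exactly the pattern the vendor's statement rules out.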

Currently, the phishing campaign is in the mitigation and monitoring phase. LastPass has reinforced its warnings and continues to monitor for possible new waves of fraudulent emails, while specialized media outlets continue to remind users of best practices for detecting phishing attempts. No significantly different techniques have been reported within this campaign, although it is considered an active risk as long as the attackers maintain their operational infrastructure.